What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. CJsDad

    CJsDad Registered Member

    Opera
    Look n' Stop
    KAV 5.0....I'm thinking about 6.0, looks good but looks don't protect your computer and it's still in a beta stage.
    Online Armor
    Spy Sweeper
    Counterspy (on demand)
    Ewido (on demand)
    Spyware Blaster
    Spyware Guard


    As for things like Process Guard or Ghost Security (appdefend/regdefend) I would like to try one of these programs but the block and allow features can be a bit too much for me.
    Some of the services/programs I know to allow and some I know to block but then there are others I have no clue on what to do so instead of sitting there scratching my head I think it's best if I leave these type of programs alone.
    This also includes the allow once or block once features, doesn't matter, when that service/program runs on your PC again you will be asked that same question, allow, block, allow once, block once and that gets tiring after a while.
    Online Armor is more my speed so I will stick with that.

    Now to all of the knowledgeable people out there if there is anything I should add to my security setup or something I should remove please let me know.
    Thanks.
     
    Last edited: Mar 25, 2006
  2. BlueZannetti

    BlueZannetti Registered Member

    DA,

    Let's see, you're running in a virtual environment (VMWare), you have an application that basically allows you to control the processes that can run/the actions they can take/as well as some other key protective tasks (PrevX1R), you have a file/memory scanner for known malware, and a software firewall.

    If you're lacking any feature, I don't see it, but then again I don't know what advanced malware is.

    Blue

    PS - I take it the Kerio/PrevX compatibility issue is not a problem as configured? Or are you trying to make the point that multiple HIPS/etc. can yield unintended consequences? Or both?
     
  3. Rasheed187

    Rasheed187 Registered Member

    LOL, can you give a bit more details about this? I don't see what's wrong with recommending certain apps, or commenting about certain security issues, we all do this. Now that I think of it, take you as an example, you claim to be a newbie but are telling people not to use SSM, without even giving any reasons.

    Oh so there is a much bigger chance that you will get hit by just plain regular "advanced malware"? ;)

    I don't think it's that hard to figure out if protecting a certain area makes sense or not, again it's no rocket science, but that's just me.

    The thing is I have nothing against a discussion once in a while, but this discussion is going nowhere. If you think I'm wrong about certain things that's cool with me, but I really don't care. Plus I got nothing to prove against you or anybody else.

    Perhaps it is an illusion, but I'm having a lot of fun so far. And it would be a real bummer if my system would somehow still get compromised. But according to you I got nothing to worry about, I feel so much better now. :)

    Btw, why are you giving me your setup from your virtual machine? I assume you are testing these apps? What was your setup before this, and why did you decide to change? Just for fun? And Notok is right, as soon as you think you are ready for it, you can perhaps switch to expert mode, I know you can do it, don't be scared! :D
     
    Last edited: Mar 25, 2006
  4. Devil's Advocate

    Devil's Advocate Registered Member

    Oh really? Even though you don't know what "certain area" does, what effects there are in blocking it, whether any malware actually use that certain area, it's obvious to know whether it is worth protecting it?

    Impressive! I guess everyone in the security industry, all the malware analysts and whatnot can resign now, and leave it to Rasheed the expert to tell everyone what is important to cover. It's not rocket science right? Heck you don't even need to know anything about programming or computer science. Just waltz in here, read the forums for a while and presto! It's obvious what is important to cover in HIPS (yes it's obvious, the answer is cover everything!) ! :)

    LMAO.

    You have nothing to prove yes... Keep saying that, someday you might even believe it.... :)


    Well you *probably* have nothing to worry about. In any case, your changes are as likely to weaken your defenses as to strengthen them, so who knows?

    Anyway you are more likely to crash your system with all those betas running together really.. and mislead people into thinking you really need all these beta gizmos...


    Because it would be too tedious to type them all?

    Mostly yeah to see what all the fuss is about. I don't fool myself into thinking this setup is safer or less safe than dozens of other setups I have on different machines.

    Seriously I doubt I'm qualified to really say. And I'm amazed you claim to be able to do so.
     
  5. Antarctica

    Antarctica Registered Member

    This thread is becoming a fight between DA and Rasheed187.o_O
    IMHO, it should be closed...
     
  6. Devil's Advocate

    Devil's Advocate Registered Member

    Scared? Only people cowering in fear of "Advanced malware" are the scared ones.

    On a serious note, oh sure, I can handle it, the question is whether it provides any gain in security. I mean, what's so hard right? Just read the prompts, take 30 seconds to read the help file explanations, click yes/no, yes/no.
    :)

    But does that necessarily mean you are safer? Because you have more prompts to answer? Oh right. You think it's not rocket science, the more prompts the better. :)
     
  7. Devil's Advocate

    Devil's Advocate Registered Member

    Don't count out Notok. :)

    Besides, Rasheed's been threatening to quit this discussion for the last 3 posts already, I figure eventually he will make good his promise....
     
  8. BlueZannetti

    BlueZannetti Registered Member

    To all:

    Let's keep the discussion centered on factual information and opinions. Discuss the information and opinions. Keep personal comments out of the discussion. Thanks

    Blue
     
  9. Rasheed187

    Rasheed187 Registered Member

    You know you're a funny guy, the thing is I didn't come up with these areas that need protection. Or do you claim that the developers of these tools don't even know what the heck they are doing themselves? :)

    No I have nothing to prove especially not in a discussion with a confused newbie. Then why am I still responding to you? Well, to tell you the truth I'm having a whole lot of fun. :)
    No, it hasn't crashed yet. And I don't see how my setup would mislead people, you are a newbie and it didn't mislead you? :)
    Well it seems a bit strange to me that when asked for your setup you are giving me your 2 months old setup in VMware. I assume you are not running in a virtual machine all the time?

    I'm amazed that you even bother to install all these tools (on different machines) and try to figure out "what the fuss is all about". It seems like a lot of wasted energy to me if you don't even know why these tools have certain features or why you might or might not benefit from it.
     
  10. Rasheed187

    Rasheed187 Registered Member

    I already said the discussion between me, DA (and Notok) should be moved to a separate thread because it's becoming cluttered. ;)
     
    Last edited: Mar 25, 2006
  11. Devil's Advocate

    Devil's Advocate Registered Member

    Well you didn't claim you came up with those areas true, but you claimed it wasn't rocket science to decide on those areas. And when you decide to choose one HIPS over another, aren't you deciding which area is more important to look after?

    Isn't that the whole point of deciding what HIPS to use and drop to enhance resistance to 'advanced malware' according to you?

    So is that rocket science or not? As I said, it's far more amazing for you to make such decisions compared to developers since they at least presumably understand the implementations, but you don't even know that.

    Yet you know that the area of handling windows message is a must have, even though you have no clue at all what it is. :) Amazing!

    Of course it occurs to me that one way to avoid picking which area is important, is to run all of them together (while turning off overlapping areas). As long as one HIP has something that another doesn't, you keep it on. Basically as you said the more pathways, entrypoints covered the better.

    Is that your strategy?

    Is that such an impossibility? Oh I forgot, we are talking about people here who believe whatever they read without being skeptical. Expert says sky is falling and you agree. Blocking windows message is good says the manual. So Rasheed agrees... What does it do? God knows, but it's bad!

    Well it's better to know that one is a newbie and know one's limit, than to think one knows a lot more than he really does. In any case, Notok seems to disagree with you a whole lot and agrees with me... I guess he's a confused newbie too ?

    Good to hear, I posted your setup in another thread as a recommendation, and BlueZannetti expressed the opinion that it would cause a BSOD. I guess he was wrong :)

    I'm a skeptical newbie. :) And I can spot another newbie no matter what he thinks a mile away.

    You know what? This statement proves my point. You are so locked into the mindset of constant change that you can't believe '2 months old' setup is actually one of the last stable setups I had with changes! I have another alpha setup that hasn't changed in about 6-8 months I think.

    Oh sure like everyone I download some new app for a quick test drive, but I don't keep them long for testing. So yeah my setups are pretty stable*.


    Well I suspect I 'understand' these tools at least as much as you do, if not more so.

    The difference between you and me is that I don't fool myself into thinking that I know more than I actually do.

    It's very easy to do that. Being able to name something doesn't mean you understand what it is.....

    As for wasted energy I kind of agree, so I'm scaling back a bit on such things and spending time on things that really enhance my knowledge about computers.

    I think too often, people here are fooled into thinking they know about computers and security, when all they do is learn how to click on buttons in security software. Because of that they think they are knowledgeable about computer security. :)

    They exhibit pseudo knowledge, using terms they don't understand, because it sounds good. Scratch the surface a bit, and you find they actually know nuts.

    "Blocking windows message is very very important!" - but don't ask me what it is. Heck I'm not even going to google it up and pretend i understand what it is. I'm just going to say it's a sometimes goal of malware.
     
  12. Infinity

    Infinity Registered Member


    That's not the point and should never ever be a point any way .. and from the posts I read .. he ain't a newbie anyway lol

    still .. who's misleading who? ...

    what is wrong with that ?? I have FirstDefense-ISR installed .. sometimes I'm a whole week busy in some of my "setups" .. and I guess I'm not the only one around here .. the same goes up with VmWare except that it's more fun, more complete .. and finally if set up ok, perfect for trying and sampling .. beta-testing .. some around here are beta-testing KIS/KAV @ the moment .. solely on a test machine while posting results/comments/..

    I won't even comment on the rest Rasheed :rolleyes:
     
  13. Rasheed187

    Rasheed187 Registered Member

    Like I said before, this discussion is going nowhere, I don't know if you noticed, but you keep repeating yourself over and over again. And you still don't make a lot of sense IMO, but what the heck let's continue. :D

    I said "it's not that difficult to figure out if it makes any sense to protect certain areas". Do you understand the concept of what I'm trying to say? If not I give up. And quantity is not everything, I also look at other things which I have already mentioned in this thread.

    I think you made a good point, some people have certain limits, others don't, but don't feel bad about it. :(

    I'm sorry but I did not disagree with Notok.

    I'm skeptical about skeptical newbies. :)
    This proves my point that you're confused, the main issue is not about the 2 months, but I would rather like to know your day to day regular setup on your real machine.

    That's amazing, you don't even know how to test these tools and don't even understand why these tools (developed by people a lot smarter than you and me) have certain features (Oh wait, probably only because of marketing purposes right?), still you have different setups on several machines and you might even understand these tools "better". Now who is fooling who?

    By starting discussions on Wilders that probably never come to an end (unless you stop repeating yourself)? :blink:

    Thanks for your (final?) conclusion but I still don't give a rat's ass about what you think. Do you understand the concept of this? Personally I think that some people on this forum have a couple of serious issues with themselves (accusing other people that they claim to be experts, or that they might mislead people LOL), but they just don't know it yet.
     
  14. dja2k

    dja2k Registered Member

    Why can't you all just keep this thread standardized the way we were doing before, posting lists of software and changes to those lists without the negative comments and remarks to each other?

    To all of you who are debating among yourselves, who cares what list or software you use, what you think of them, and what others think of it, you use what you think is appropriate for you and that is it.

    If you want to keep debating, do it by pm'ing each other, but don't do it in here. Like I said before, I started this thread to learn more about each other's protection software lists, not so you can debate with each other on off topic conversations. Don't post to this thread if you think you are better than the rest and also if you think you know more than others; you might not always be right! We are all here to learn from each other, but not to make each other feel inferior to you.

    dja2k
     
  15. Antarctica

    Antarctica Registered Member


    Agree with you.:thumb: That's exactly what I was thinking dja2k:)
     
  16. dja2k

    dja2k Registered Member

    What are you using for hardening these days?

    I just cleaned my system and only installed Harden-It, Bugoff, and Windows Worm Door Cleaner. I don't know whether to install secure-it or samurai or computer security tool anymore since they break too much IE and some streaming stuff of Media Player. I also might install safexp, but not activate most of the options I did last time, but only go with the recommended settings. I am pretty covered in my security setup that all the extra hardening is not worth breaking things that I normally use. If something gets through, well then that is the price I pay.

    Current Setup is:

    KAV 6.0.0.697h Beta
    Look'n'Stop 2.05p3 beta
    Regrun Gold 4.50
    Online Armor 1.1.0.692 Beta
    GSS Appdefend\Regdefend 1.110 Beta
    Spyware Doctor 3.5.1.498

    dja2k
     
  17. Antarctica

    Antarctica Registered Member


    Right now my goal is to reduce my security software to minimum, so I am trialling KIS 6.0 beta version. So far I am really impressed and running very light too. Besides that I have:


    Netgear Router WGR614
    Look'n'Stop
    Online Armor
    RegDefend

    Ewido as on demand scanner

    RollBack RX and Image for Windows as backup
     
    Last edited: Mar 26, 2006
  18. WSFuser

    WSFuser Registered Member

    I've never had secure-it or samurai break much in IE, but then again, I rarely use IE anyways. As for safexp, I'm starting to use it again, hopefully safe mode staying in working condition.
     
  19. CogitoErgoSum

    CogitoErgoSum Registered Member

    Latest revisions as of 3/26/06:

    Resident:

    BOClean
    DefenseWall HIPS
    Look'n'Stop
    Netgear RP614 v2 Router w/NAT & SPI
    NOD32
    RegRun Platinum 4.5
    Safe'n'Sec

    On-Demand:

    Ewido(free)
    Sentinel
    Spyware Doctor
    Spy Sweeper

    System Hardening:

    Applied manual system hardening tweaks
    Disabled most WinXP SP2 services
    Harden-It
    Removed Netmeeting
    Removed Windows Messenger
    Samurai
    Windows Worms Door Cleaner


    Peace & Love,

    CogitoErgoSum
     
  20. dja2k

    dja2k Registered Member

    Antarctica

    I like KIS too, but I couldn't do a rule to work Bitlord that good. That was a problem mentioned by others that bittorrents don't work well yet because there is no actual ruleset to make it work. I tried the ruleset from outpost for bittorrents, but didn't work well. KIS would be great, but don't know how good its firewall protection is compared to looknstop.

    WSFuser

    Things like yahoo messenger not playing its launchcast player and aol not playing xm radio. Also I order the webcasts for WWE wrestling that uses DRM from Windows Media Player, but something of those hardening tools broke all that and didn't work.

    dja2k
     
  21. WSFuser

    WSFuser Registered Member

    I don't listen to internet music/radio nor do I use anything DRM, but sry the tools don't work for you :doubt:
     
  22. dja2k

    dja2k Registered Member

    WSFuser

    Also the main reason I haven't applied any of those also is cause one of them breaks activesync 4.1 from working and connecting to my pocket pc phone. But from the three secure-it, samurai, or computer security tool, don't know which one is really better. I know that secure-it is for the less knowledgeable, samurai for the advanced user, and computer security tool would probably be in the middle. Wouldn't use any of those two combined anymore since they have some overlap.

    dja2k
     
  23. Notok

    Notok Registered Member

    I'd say read through the documentation of each, see if you can't figure out what ActiveSync is using to connect.. terminal services maybe? At any rate, it's a good reason to take them one at a time, and I definitely agree that those three are going to have the most overlap. There is also some question about the quality of Samurai, I personally wouldn't use it unless you're quite sure of what you're doing.

    As for WMP, I'd just look through the settings manually, it probably had the feature to obtain the license automatically disabled. Personally, though, I just use Shoutcast.com, I think there are more stations there than anywhere else, and works wonderfully with Winamp.
     
  24. dja2k

    dja2k Registered Member

    Cool thanks Notok

    The problem with the WMP was a dialog would pop up where you would access your account (email and password) to verify payment and send license. The problem was that after it tried to log in, I would get an error that couldn't connect, so maybe something caused an IE setting that WMP uses to change.

    dja2k
     
  25. Rmus

    Rmus Exploit Analyst

    Opera
    Forté Agent
    Kerio 2.1.5
    Deep Freeze
     